Coro Secures $100 Million Funding Round to Drive Aggressive Growth to Transform Cybersecurity for SMEs Read more

Start a Trial 
Watch a Demo
Contact Sales
Become a Partner
Compliance Survey
Get Support

Start a Free Trial

Try Coro for Free for the Next 30 Days

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Coro Platform

Watch a Demo

Explore our collection of recorded product demonstrations to witness Coro in action.

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
See how much time you could save with Coro guarding your business:
Instantly handle 95%+ of email threats
Monitor cloud app security from a single dashboard
Protect devices across the threat landscape
Prevent data loss with a deceivingly simple solution

Contact Sales

Receive comprehensive information about our product, pricing, and technical details straight from our specialists.

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Become a partner today

Turn your cybersecurity business into a revenue center

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Build Your Compliance Report

Does your business satisfy security regulations? Take the survey to learn how your industry, services, and location can impact your compliance posture.
Take the Compliance Survey

Hackers Can Bypass HTTPS Protection on Windows, Linux, and Mac

Oct 09, 2016

2 MINUTE READ

If you browse to a major website on the internet, chances are you’ll see something next to the URL—a tiny lock icon, next to the prefix “HTTPS.” This indicates that you’re currently using a secure version of the Hypertext Transfer Protocol. It means that the connection between your web browser and the application you are viewing is encrypted via TLS (Transport Layer Security). In effect, it is very difficult for a potential attacker to eavesdrop on what users are doing on a site that’s protected by the HTTPS protocol.

HTTPS Has Never Been Unbreakable

Difficult as it may be, however, the HTTPS protocol is not unbreakable. Hackers commonly employ what’s known as a man-in-the-middle attack” (MITM). In this instance, attackers may use a phishing email to direct users to a fake website. The website might look exactly like a real banking or ecommerce site, thus tricking users into inputting their personal information, such as address info and credit cards. A version of this attack was used to scam eBay users back in 2014.

Similarly, a website might end up using an outdated version of TLS or SSL to encrypt its communications. These outdated variants are subject to several bugs that might allow attackers to decrypt communications. The most famous example of this was the Heartbleed bug. This bug allowed attackers to exploit outdated versions of SSL to output a site’s password, user database, certificate codes, and more.

Now, there’s a new bug to worry about.

An Outdated Protocol Leaves Users Vulnerable

Security researchers have now discovered a way to bypass HTTPS encryption entirely. The exploit, which was demoed at BlackHat this summer, relies on a browser element called Web Proxy Autodiscovery (WPAD). WPAD is actually obsolete—like many elements of major exploits—but it’s still supported by all major browsers. Essentially, WPAD would tell browsers to download a file at a certain URL, and then execute it in order to find the proxy for a web browser.

Bad actors can get around HTTPS by using this obsolete protocol as an attack vector. When a computer connects to a new network, it sometimes has to request a proxy autoconfig file (PAC) using WPAD. If that file is malicious, it can deliver attackers the plaintext version of a user’s destination URL, before the HTTPS connection is initiated. The most vulnerable users are ones who often connect to networks outside their home and office—at airports, cars, coffee shops, and so on.

Protecting Users from Unholy PAC

This vulnerability, deemed Unholy PAC, may find itself resistant to easy fixes. WPAD functionality has been embedded in web browsers since the late 90s, so simply removing it might cause a cascade of additional problems. While there are a number of potential patches and workarounds that might also work, none have yet been released, leaving users out in the cold.

At Coronet, we’ve long recognized the vulnerability of users who find connectivity outside their home networks. This new PAC bug appears to make these remote workers even more defenseless. Fortunately, Coronet users will find themselves well-defended. Our machine-learning software can quickly adapt to recognize when a user’s connection is being threatened. In response, it can help make the targeted endpoint nearly invisible to attackers.

Coro Cybersecurity News

Expand knowledge in cybersecurity
Coro was built on a simple principle: Enterprise-grade security should be accessible to every business. We believe the more businesses we protect, the more we protect our entire economic outlook.
Copyright 2023 © Coro Cybersecurity All Rights Reserved
chevron-down